US10476671B2ActiveUtilityA1

Method and device for installing profile of eUICC

78
Assignee: SAMSUNG ELECTRONICS CO LTDPriority: Jul 17, 2014Filed: Jul 10, 2015Granted: Nov 12, 2019
Est. expiryJul 17, 2034(~8 yrs left)· nominal 20-yr term from priority
H04L 9/0861H04W 88/18H04W 8/18H04L 9/0822H04L 63/0428H04W 12/04H04B 1/3816H04W 12/0017H04W 12/0023H04W 12/00401H04W 12/42H04W 12/35H04W 12/037
78
PatentIndex Score
3
Cited by
31
References
14
Claims

Abstract

The present disclosure relates to a method and a device for installing a profile of an embedded universal integrated circuit boards (eUICC) and, more particularly, to a method and a device for remotely installing mobile communication subscriber information (profile) substituting for a universal integrated circuit boards (UICC), on a security module. In an aspect, a network device, acquires at least one of or more profiles encrypted with a first password key and one or more first password keys encrypted with a second password key; and when profile installation for the eUICC starts, transmits to, at least one eUICC, the one or more encrypted profiles and the one or more encrypted first password keys, wherein, prior to the transmission, each first password key is re-encrypted with a third password key for installation by the corresponding one or more eUICCs.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method by a network device for installing a profile of an embedded universal integrated circuit card (eUICC) of a terminal, the method comprising:
 acquiring, from a profile generating server, a profile encrypted with a first security key and the first security key encrypted with a second security key, wherein the second security key is for mutual authentication between the profile generating server and the network device; 
 acquiring the first security key encrypted with a third security key corresponding to the eUICC; and 
 transmitting the encrypted profile and the first security key encrypted with the third security key to the terminal having the eUICC, 
 wherein, during a profile installation, the profile encrypted with the first security key is decrypted with the first security key and is installed in the eUICC. 
 
     
     
       2. The method of  claim 1 , wherein the profile generating server includes a subscription manager data preparation (SM-DP) server. 
     
     
       3. The method of  claim 2 , wherein the acquiring of the first security key encrypted with the third security key comprises:
 decrypting the first security key encrypted with the second security key; and 
 encrypting the first security key with the third security key. 
 
     
     
       4. The method of  claim 1 , wherein the acquiring of the profile encrypted with the first security key and the first security key encrypted with the second security key comprises:
 receiving the profile encrypted with the second security key from the profile generating server; 
 decrypting the profile with the second security key; and 
 encrypting the profile with the first security key. 
 
     
     
       5. The method of  claim 4 , further comprising:
 transmitting the profile encrypted with the first security key and the first security key to the profile generating server, 
 wherein the first security key is encrypted with the third security key by the profile generating server and transmitted to the eUICC. 
 
     
     
       6. The method of  claim 5 , wherein the profile encrypted with the first security key is transmitted to the eUICC in an application protocol data unit (APDU) type message. 
     
     
       7. The method of  claim 1 , wherein the acquiring of the profile encrypted with the first security key and the first security key encrypted with a second security key comprises:
 receiving the profile encrypted with the first security key from the profile generating server. 
 
     
     
       8. The method of  claim 7 , wherein the transmitting of the encrypted profile and the first security key encrypted with the third security key comprises:
 transmitting an eUICC list for installing profiles to the profile generating server, the eUICC list including the eUICC. 
 
     
     
       9. The method of  claim 1 , wherein the first security key is a random key generated for encrypting the profile. 
     
     
       10. The method of  claim 1 , wherein the third security key is a session key generated for encrypting the first security key corresponding to the eUICC. 
     
     
       11. A network device for installing a profile of an embedded universal integrated circuit card (eUICC) of a terminal, the network device comprising:
 a transceiver; and 
 at least one processor coupled with the transceiver and configured to control to:
 acquire, from a profile generating server, a profile encrypted with a first security key and the first security key encrypted with a second security key, wherein the second security key is for mutual authentication between the profile generating server and the network device, 
 acquire the first security key encrypted with a third security key corresponding to the eUICC, and 
 control the transceiver to transmit the encrypted profile and the first security key encrypted with the third security key to the terminal having the eUICC, 
 
 wherein, during a profile installation, the profile encrypted with the first security key is decrypted with the first security key and is installed in the eUICC. 
 
     
     
       12. The network device of  claim 11 , wherein the at least one processor is further configured to:
 control to receive the profile encrypted with the first security key and the first security key encrypted with the second security key from the profile generating server, 
 decrypt the first security key encrypted with the second security key, and 
 encrypt the first security key with the third security key. 
 
     
     
       13. The network device of  claim 11 ,
 wherein the at least one processor is further configured to:
 control to receive the profile encrypted with the second security key from the profile generating server, 
 decrypt the profile with the second security key, 
 encrypt the profile with the first security key, and 
 control the transceiver to transmit the profile encrypted with the first security key and the first security key to the profile generating server, and 
 
 wherein the first security key is encrypted with the third security key by the profile generating server and transmitted to the eUICC. 
 
     
     
       14. The network device of  claim 11 , wherein the at least one processor is further configured to:
 control to receive the profile encrypted with the first security key from the profile generating server, 
 control to transmit an eUICC list for installing profiles to the profile generating server, the eUICC list including the eUICC, and 
 control to receive the first security key encrypted with the third security key from the profile generating server.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.